Page 147 of 4121 results (0.023 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

CVE-2021-29473 – Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata

https://notcve.org/view.php?id=CVE-2021-29473

Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. • https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2 https://github.com/Exiv2/exiv2/security/policy https://github.com/github/advisory-review/pull/1587 https://lists.debian.org/debian-lts-announce/2021/08/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2XQT5F5IINTDYDAFGVGQZ7PMMLG7I5ZZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWZLDECIXXW3CCZ3RS4A3NG5X5VE4WZM https://lists.fedoraproject.org/archi • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-31598

https://notcve.org/view.php?id=CVE-2021-31598

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. Se detectó un problema en la biblioteca libezxml.a en ezXML versión 0.8.6. La función ezxml_decode() lleva a cabo un manejo incorrecto de la memoria mientras analiza archivos XML diseñados, conllevando a un desbordamiento del búfer en la región heap de la memoria • https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html https://sourceforge.net/p/ezxml/bugs/28 • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 1

CVE-2021-22207

https://notcve.org/view.php?id=CVE-2021-22207

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file Un consumo excesivo de la memoria en el disector MS-WSP en Wireshark versiones 3.4.0 hasta 3.4.4 y versiones 3.2.0 hasta 3.2.12, permite una denegación de servicio por medio de una inyección de paquetes o archivo de captura diseñado • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json https://gitlab.com/wireshark/wireshark/-/issues/17331 https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD https://security.gentoo.org/glsa/202107-21 https://www.debian.o • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.8EPSS: 96%CPEs: 6EXPL: 19

CVE-2021-22204 – ExifTool Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Una neutralización inapropiada de los datos del usuario en el formato de archivo DjVu en ExifTool versiones 7.44 y posteriores, permite una ejecución de código arbitrario cuando se analiza la imagen maliciosa Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image • https://www.exploit-db.com/exploits/50911 https://github.com/convisolabs/CVE-2021-22204-exiftool https://github.com/AssassinUKG/CVE-2021-22204 https://github.com/se162xg/CVE-2021-22204 https://github.com/UNICORDev/exploit-CVE-2021-22204 https://github.com/bilkoh/POC-CVE-2021-22204 https://github.com/mr-tuhin/CVE-2021-22204-exiftool https://github.com/Akash7350/CVE-2021-22204 https://github.com/PenTestical/CVE-2021-22204 https://github.com/0xBruno/CVE-2021-22204 https: • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.9EPSS: 0%CPEs: 145EXPL: 0

CVE-2021-2161 – OpenJDK: Incorrect handling of partially quoted arguments in ProcessBuilder on Windows (Libraries, 8250568)

https://notcve.org/view.php?id=CVE-2021-2161

Vulnerability in the Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u291, 8u281, 11.0.10, 16; Java SE Embedded: 8u281; Oracle GraalVM Enterprise Edition: 19.3.5, 20.3.1.2 and 21.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. • https://docs.azul.com/core/zulu-openjdk/release-notes/april-2021.html#fixed-common-vulnerabilities-and-exposures https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.debian.org/debian-lts-announce/2021/04/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ACX4JEVYH6H4PSMGMYWTGABPOFPH3TS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CFXOKM2233JVGYDOWW77BN54X3GZTIBK https://lists.fedoraproject.org/archives/ • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •